Upgrade to 2.3.1 has failed

C. Andrews Lavarre alavarre at gmail.com
Fri Dec 14 02:12:20 EET 2018 

Problem:
We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we
upgraded openSUSE to Leap 15.0.
In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer
works and I haven't figured out how to downgrade to the older working
version.

The key issue seems to be the change to requiring dh.pem and changing s
sl_protocols to ssl_min_protocols. I think I've navigated both
correctly, but it still doesn't work.
The error is
	     auth: Error: stats: open(old-stats-user) failed: Permission denied

	as a consequence of which we get
		    imap-login: Error: Failed to initialize SSL server context: Can't
    load SSL certificate: There is no valid PEM certificate.

We have followed the instructions at 	https://wiki.dovecot.org/S
SL/DovecotConfiguration
	1. We have created /etc/dovecot/dh.pem (yes it took five
hours) 

	2. We have edited 10-ssl.conf as directed by the Wiki:
			    	    ssl = yes
			    	    ssl_cert =
    /etc/certbot/live/privustech.com/fullchain.pem
			    	    ssl_key = /etc/certbot/live/privustech.com/privkey.pem
			    	    ssl_dh = /etc/dovecot/dh.pem    	    #(yes, it took five hours to create...)
			    	    ssl_min_protocol = TLSv1
			    	    ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
			    	    ssl_prefer_server_ciphers = no

	3. We have checked 10-ssl.conf against the 2.3 default at
		https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/10-ssl.conf

	4. We do NOT include the less than (<) symbol before the paths because then dovecot fails to load complaining it cannot find the files.

	5. we have checked all the pem keys, certificates, and  dh
files with cat, they all exist and are in the expected hash format.

	6. We have followed the instructions to set their permissions
root:root 0444 and 0400 accordingly.
	7. We have rebooted the host.

Any help or clues would be most appreciated.

Kind regards, Andy
	
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181213/6187831d/attachment-0001.html>

More information about the dovecot mailing list